Forward Alfis domain names to external Alfis resolver

author: Alex Auvolat <alex@adnab.me> 2023-09-03 13:18:49 +0200
committer: Alex Auvolat <alex@adnab.me> 2023-09-03 13:19:04 +0200
commit: 61c740fda66831b209b9737a21324697036b479f (patch)
tree: 697789abc790b3383ef047294d5e7e29adc98d40 /nixos/common.nix
parent: efdc02e828e9316485d9460c3f314129e4a12382 (diff)
download: user-config-61c740fda66831b209b9737a21324697036b479f.tar.gz
user-config-61c740fda66831b209b9737a21324697036b479f.zip
1 files changed, 16 insertions, 2 deletions
diff --git a/nixos/common.nix b/nixos/common.nix
index e898dec..ef1fcff 100644
--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -38,10 +38,24 @@ in
 
   networking.networkmanager.enable = true;
 
-  services.unbound = {
+  services.unbound =
+  let
+    alfisTld = [ "anon." "btn." "conf." "index." "merch." "mirror." "mob." "screen." "srv." "ygg." ];
+  in {
     enable = true;
     resolveLocalQueries = true;
-    settings.server.log-servfail = true;
+    settings = {
+      server = {
+        log-servfail = true;
+        domain-insecure = alfisTld;
+      };
+      forward-zone = map (tld: {
+          name = tld;
+          forward-addr = "324:71e:281a:9ed3::53";
+          forward-tcp-upstream = false;
+          forward-tls-upstream = false;
+        }) alfisTld;
+    };
   };
   services.resolved.enable = false;
author	Alex Auvolat <alex@adnab.me>	2023-09-03 13:18:49 +0200
committer	Alex Auvolat <alex@adnab.me>	2023-09-03 13:19:04 +0200
commit	61c740fda66831b209b9737a21324697036b479f (patch)
tree	697789abc790b3383ef047294d5e7e29adc98d40 /nixos/common.nix
parent	efdc02e828e9316485d9460c3f314129e4a12382 (diff)
download	user-config-61c740fda66831b209b9737a21324697036b479f.tar.gz user-config-61c740fda66831b209b9737a21324697036b479f.zip